WO2013186274A1 - Obtaining control words using multiple key ladders - Google Patents

Obtaining control words using multiple key ladders

Info

Publication number
WO2013186274A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
secured
key data
receiver device
amounts
Application number
PCT/EP2013/062176
Other languages
English (en)
Inventor
Hans Dekker
Peter ROELSE
Original Assignee
Irdeto B.V.
Application filed by Irdeto B.V.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0827 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
    • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4405 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
    • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
    • H04N21/63 Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633 Control signals issued by server directed to the network components or client
    • H04N21/6332 Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/167 Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2209/601 Broadcast encryption

Definitions

  • This invention relates to methods, apparatus and computer programs for a receiver device to obtain, or to enable a receiver device to obtain, a control word for decrypting encrypted content.
  • FIG. 1a of the accompanying drawings schematically illustrates a system 100 providing secure content delivery.
  • the system 100 comprises a content provider system 102, a network 104 and a receiver 106.
  • the content provider system 102 is arranged to transmit data to the receiver 106 via the network 104.
  • the network 104 may be any kind of network suitable for transmitting or communicating data from the content provider system 102 to the receiver 106.
  • the network 104 could comprise one or more of a local area network, a wide area network, a metropolitan area network, the internet, a wireless communications network, a cable network, a digital broadcast network, a satellite communication network, a telephone network, etc.
  • the content provider system 102 may then communicate with the receiver 106 over the network 104 via any suitable communication mechanism/protocol in order to communicate data from the content provider system 102 to the receiver 106.
  • the content provider system 102 may be any system that is suitable for communicating data to the receiver 106 via the network 104.
  • the content provider system 102 comprises one or more processors 110, a memory 112 and a network interface 114.
  • the network interface 114 is arranged to interface with the network 104 to enable the content provider system 102 to communicate with the network 104 (so that the content provider system 102 can then communicate with the receiver 106 via the network 104).
  • the content provider system 102 may store, in the memory 112, data to be transmitted to the receiver 106. This data may be generated by the processor(s) 110 and/or may be data that the content provider system 102 receives from another system (not shown in figure 1a).
  • the content provider system 102 could be a headend system of a digital broadcast system (in which case the network 104 could comprise a terrestrial broadcast network or a satellite broadcast network) or the content provider system 102 could be a headend system of a cable network system (in which case the network 104 could comprise a cable network).
  • the content provider system 102 could comprise one or more servers for transmitting, or providing access to, data over the internet (in which case the network 104 may comprise the internet).
  • the content provider system 102 may take other forms instead.
  • the data to be transmitted from the content provider system 102 to the receiver 106 comprises content M and conditional access data.
  • the content M may be any form of content, and may comprise one or more of video data, image data, audio data, multimedia data, text data, etc.
  • the content M may be provided to the content provider system 102 by a separate system (not shown in figure 1a) for the content provider system 102 to then provide to the receiver 106.
  • the content M is transmitted in encrypted (scrambled) form.
  • one or more sections of the content M may be encrypted with a respective control word CW (an encryption/decryption key) - the CW to be used to encrypt a current amount of content M may be changed on a regular basis, e.g. once every couple of seconds.
  • Figure 1a illustrates encrypted content {M}_CW being transmitted from the content provider system 102 to the receiver system 106 - in general, throughout this description, an amount of data X that is encrypted and for which a decryption key K is required to decrypt the encrypted data to obtain the cleartext data X is represented as {X}_K.
  • the conditional access data may comprise data which the receiver 106 can, if sufficiently authorised, use to gain access to the encrypted content - this typically includes entitlement control messages (ECMs) and entitlement management messages (EMMs). This shall be described in more detail shortly.
  • the content provider system 102 may comprise one or more conditional access (CA) and/or digital rights management (DRM) systems or modules (which may be executed by the processor(s) 110) which are responsible for performing the encryption of the content M, the generation and cycling of CWs, and the generation of the conditional access data (e.g. ECMs and EMMs) according to the authorization of subscribers.
  • the receiver 106 may be any system that is suitable for receiving data from the content provider system 102 over the network 104.
  • the receiver 106 comprises a network interface 120, a receiver device (or module) 122, and a decoder 124.
  • the receiver device 122 may be implemented as hardware (e.g. a receiver chip set) or may be implemented as obfuscated software or firmware executed on a processor inside the receiver 106.
  • the network interface 120 is arranged to interface with the network 104 to enable the receiver 106 to receive data from the network 104.
  • Data received by the network interface 120 is passed to the receiver device 122.
  • the receiver device 122 passes conditional access data that it receives to a secured module 130 communicably coupled to the receiver device 122.
  • the secured module 130 processes the conditional access data and, if the secured module 130 is authorised to provide access to the received content M, the secured module 130 provides information over a communication channel or interface 140 to the receiver device 122 that enables the receiver device 122 to decrypt the encrypted content {M}_CW - this information could be the CW itself or information from which the receiver device 122 is able to generate the CW.
  • the receiver device 122, upon obtaining a valid CW, decrypts the encrypted content {M}_CW using the CW so as to produce the cleartext content M.
  • the receiver device 122 is arranged to pass the content M to the decoder module 124.
  • the decoder module 124 is arranged to perform any decoding necessary (e.g. data compression decoding), formatting, signal generation, etc. so as to output the content M in a suitable form (e.g. a signal for provision to a television).
  • the decoder module 124 is not part of the receiver 106 but may, instead, form part of a separate system (such as a television).
  • the decoder module 124 and the receiver device 122 may be implemented within the same hardware and/or software.
  • an ECM contains a CW that the receiver 106 needs to decrypt the encrypted content {M}_CW, or at least information by which the receiver 106 can generate the CW.
  • the content of the ECM is encrypted using a key PK.
  • An EMM is transmitted to the receiver 106, where the EMM contains the key PK.
  • the key PK is contained in the EMM in encrypted form - this is performed in a manner that only the secured module 130 (or a group of secured modules 130) can decrypt (e.g. using a public key associated with a private key of the secured module 130, or using a secret key shared only by the secured module 130 and the content provider system 102).
  • the EMM is, therefore, targeted at the specific secured module 130 (or group of secured modules 130) and will only have been transmitted by the content provider system 102 if the content provider system 102 wishes (or has been instructed) to provide the subscriber/user associated with the secured module 130 access to the content M.
  • the secured module 130 to which the EMM is targeted can decrypt the content of the EMM to access the key PK.
  • the secured module 130 can then use the key PK to decrypt the content of the ECM, and can then pass some or all of the content of the ECM, via the interface 140, to the receiver device 122 to enable the receiver device 122 to decrypt the encrypted content {M}_CW.
  • the secured module 130 may take one of several forms.
  • the secured module 130 may be a smart card with embedded software for carrying out the above functionality, the smart card being removable from the receiver 106; or the secured module 130 may be implemented as obfuscated software or firmware executed on a processor inside the receiver 106 (an example of which is disclosed in EP2227015 - for example, figures 3 and 7 thereof and their associated descriptions - the entire disclosure of EP2227015 is incorporated herein by reference).
  • the receiver 106 may comprise one or more of a set-top-box, a personal computer, a mobile telephone, a games console, etc., but it will be appreciated that the receiver 106 may take other forms instead.
  • each content provider system 102 may provide data to multiple receivers 106 over one or more networks 104, and each receiver 106 may receive data from multiple content provider systems 102 over one or more networks 104.
  • the CW (or information from which the receiver device 122 can obtain the CW) is communicated over the interface 140 from the secured module 130 to the receiver device 122.
  • the rest of the description shall refer to the CW itself being communicated to (or received at or obtained at) the receiver device 122, but it will be appreciated that the description applies equally to information from which the receiver device 122 can obtain the CW.
  • the interface 140 needs to be secure. If the interface 140 is not secure, then an attacker can monitor the interface 140 and read the CWs and distribute them to other receivers 106 whose subscribers/users (or, equivalently, their associated secured modules 130) are not authorised to access the content M so that those subscribers/users can access the content M in an unauthorised manner.
  • Figure 2a of the accompanying drawings schematically illustrates the use of a so-called "key ladder" to secure the interface 140.
  • a "key ladder" represents a hierarchy or a set (or group or collection) of one or more keys by which key data (e.g. a cryptographic key or information used to generate or obtain a cryptographic key) can be secured.
  • the key ladder may comprise one or more encryption keys (e.g.
  • the key ladder may comprise one or more corresponding decryption keys by which the original key data may be obtained (i.e. by undoing the encryption performed using the encryption keys).
  • the encryption keys may be the same as the decryption keys when using symmetric encryption algorithms.
  • the key ladder may comprise one or more authentication keys for performing authentication on the (possibly encrypted) key data (e.g. to authenticate its integrity or to authenticate its origin) - for example, a signature key may be used to apply a digital signature to the key data and a corresponding authentication key may be used to verify the digital signature.
  • a sender of the key data may use some of the keys of the key ladder (e.g. encryption keys and/or signature keys) to secure the key data
  • a receiver of the secured key data may use other keys of the key ladder (e.g. decryption keys and/or authentication keys) to obtain the initial key data from the secured key data.
  • the secure module 130 receives the encrypted control word {CW}_PK (e.g. in an ECM) as set out above. Assuming that the secure module 130 has access to the key PK (e.g. if an EMM containing the key PK has been sent to the secure module 130), then the secure module 130 can decrypt the encrypted control word {CW}_PK to obtain the CW. The secure module 130 may then encrypt the CW to form an encrypted control word {CW}_LK using a session key LK known to both the secure module 130 and the receiver device 122 - i.e.
  • the secure module 130 may then provide the encrypted control word {CW}_LK to the receiver device 122 over the interface 140 - thus, the interface 140 is secured.
  • the receiver device, knowing the session key LK, can decrypt the encrypted control word {CW}_LK to obtain the CW.
  • the receiver device 122 comprises a key ladder module 200.
  • the key ladder module 200 is arranged to perform cryptographic processing using one or more keys of the key ladder to obtain initial key data from secured key data that the key ladder module 200 receives (this secured key data having been formed from the initial key data secured using one or more keys of the key ladder).
  • the cryptographic processing may be, for example, decryption and/or authentication, as appropriate, depending on the cryptographic processing that was applied to the initial key data to obtain the secured key data.
  • the key ladder module 200 is arranged to decrypt the received encrypted control word {CW}_LK to obtain the CW using the session key LK.
  • As the receiver device 122 is also arranged to carry out the decryption of the encrypted content {M}_CW using the obtained CW, the cleartext CW is not made available on an external interface of the receiver device 122.
  • an EMM provided by the content provider system 102 may contain: (a) a session key (LK) and (b) the session key LK encrypted using a key (CSUK) unique to the receiver device 122 (or to the key ladder module 200 of the receiver device 122), i.e. {LK}_CSUK.
  • the key CSUK may be generated by the receiver device 122 during the manufacture or creation of the receiver device 122 (e.g. during manufacture of a chip for the receiver device 122); the key CSUK may be generated by the manufacturer of the receiver device 122 and installed into the receiver device 122 during the manufacture/initialisation of the receiver device 122.
  • the key CSUK, along with an identification (CSID) of the associated receiver device 122, may then be provided (in a tightly controlled distribution) from the manufacturer of the receiver device 122 to an associated CA system of the content provider system 102.
  • the key CSUK is stored securely in the receiver device 122 (i.e.
  • the content provider system 102 may have generated the session key LK in any way (e.g. as a random number).
  • the secured module 130 can obtain the session key LK from the EMM.
  • the secured module 130 may pass the encrypted session key, i.e. {LK}_CSUK, to the receiver device 122, or its key ladder module 200, and the key ladder module 200 may then decrypt {LK}_CSUK using the key CSUK. In this way, both the secured module 130 and the receiver device 122 obtain the session key LK.
  • the key ladder in this example thus comprises: (a) the key LK for the secured module 130 to use and; (b) the keys CSUK and LK for the receiver device 122 and the content provider system 102 to use.
  • the keys of the key ladder are symmetric/secret keys, and hence the key ladder module 200 makes use of symmetric cryptographic algorithms (implemented as decryption modules "D" in figure 2b).
  • the key ladder module 200 may, additionally or alternatively, make use of an asymmetric cryptographic algorithm - for example, the session key LK may be a private key known only by the receiver device 122, with the secure module 130 using the corresponding public key to carry out the encryption of the CW.
  • European patent applications 10193312.5 and 11250650.6 disclose how the secured module 130 may encrypt a virtual CW (CW*) using a public key CSPK of the receiver device 122.
  • the public key CSPK and its associated private key CSSK may be generated by, or initialised in, the receiver device 122 during the manufacture or creation of the receiver device 122 (e.g. during manufacture of a chip for the receiver device 122) - the public key CSPK may then be distributed as required.
  • the encrypted CW* may also have a digital signature applied using a private key SK of the secured module 130.
  • the private key SK and its associated public key PSK may be generated by, or initialised in, the secured module 130 during the manufacture or creation of the secured module 130 - the public key PSK may then be distributed as required.
  • the signed and encrypted CW* is provided to the receiver device 122.
  • the receiver device 122 may use the public key PSK (corresponding to the private key SK) of the secured module 130 to verify the digital signature, and may then use its own private key CSSK (corresponding to the public key CSPK) to decrypt the encrypted CW* to obtain CW*.
  • the receiver device 122 uses CW* and the public key PSK of the secured module 130 as inputs to a hash function, the output of which is the CW to use.
  • the key ladder comprises: (a) keys CSPK and SK for the secured module 130 to use and; (b) keys CSSK and PK for the receiver device 122 to use.
  • key ladders, and key ladder modules 200, may be implemented in many other ways. Such key ladder modules 200 are often proprietary to, or specific to, particular CA providers - hence, different key ladder modules 200 for different CA providers may function, or use keys, in different ways.
  • a key ladder module is arranged to receive a secured form of an initial amount of data and to obtain, from that secured form of the initial amount of data, that initial amount of data using one or more corresponding keys (of the key ladder). In such a scenario, the initial amount of data was secured (to form the secured form of the initial amount of data) using corresponding keys of the key ladder.
  • the receiver device 122 may implement a key ladder module 200 to secure the interface 140 between the receiver device 122 and the secured module 130.
  • the key ladder used by a key ladder module 200 is arranged to receive a secured form of an initial amount of data and to obtain, from that secured form of the initial amount of data, that initial amount of data using one or more corresponding keys (of the key ladder).
  • the initial amount of data was secured (to form the
  • initialization data to uniquely configure that key ladder - this could be, for example, the key CSUK initialized and stored in the key ladder module 200, and known to the associated CA system, for the example described above with respect to figure 2b.
  • the content provider system 102 comprises a CA system that stores, in a key ladder database, one or more keys that the CA system needs for its processing of a key ladder - for example, the CA system may store in the key ladder database the keys CSUK for the various receiver devices 122 with which the CA system is associated.
  • the CA system may also store, in a subscriber database, various subscriber information, e.g. authorisations of subscribers/users associated with the secured devices 130, and secret keys shared between the CA system and the secured devices 130 (with these secret keys being used to secure EMMs targeted at those secure devices 130).
  • the CA system comprises an EMM generator (EMMG) and an ECM generator (ECMG) that generate EMMs and ECMs respectively - this is coordinated by a subscriber management system (SMS).
  • CW is generated by a CW generator CWG (which may also act as a Simulcrypt
  • the SMS uses the generated CW and, based on the subscriber information from the subscriber database and the key information from the key ladder database, instructs the ECMG to generate ECMs containing the CW and instructs the EMMG to generate EMMs associated with the generated ECMs and targeted at specific authorised subscribers (or their secured devices 130).
  • the content of an ECM is encrypted using a key PK.
  • the key PK is contained in an associated EMM.
  • the content of the EMM is encrypted using a key associated with a target secured module 130 (this key being retrieved by the SMS from the subscriber database).
  • An EMM may, additionally or alternatively, contain a session key LK together with an encrypted form of that session key {LK}_CSUK (encrypted using the CSUK of a target receiver device 122).
  • the content provider system 102 comprises a multiplexer that multiplexes together (a) a content data stream; (b) a data stream comprising the EMMs generated by the EMMG; and (c) a data stream comprising the ECMs generated by the ECMG - the multiplexer outputs a transport stream.
  • a scrambler then scrambles portions of the content data stream in the transport stream using the generated CW. This scrambled transport stream may then be communicated to receivers 106 via the network 104.
  • the above description of figure 1b is well-known in this field of technology and shall not be described in more detail herein.
  • the inventors have realised that, should the key ladder (or the key ladder module 200) be compromised by an attacker, then this can have serious impacts on the security of the system 100.
  • Such an attack may involve the attacker managing to gain access to, or somehow deduce, one or more of the keys in the key ladder, with the result that the CWs may then be available to an unauthorised attacker. This may happen, for example, if the above-mentioned distribution of CSUKs and associated CSIDs of one or more receiver devices 122 is somehow compromised, so that these CSUKs and CSIDs are available to an attacker.
  • embodiments of the invention make active use of a plurality of key ladders in order to obtain a CW.
  • Such use of a plurality of key ladders helps improve the overall system security and makes communication of the CW (or data from which the CW may be derived) over the interface 140 more secure - i.e. an attacker is less able to obtain sufficient information to enable him to circumvent the security measures in place and thereby derive the CW.
  • This is, in part, due to the different tamper resistance characteristics of the different implementations of the key ladders (i.e. their key ladder modules).
  • the receiver device comprising the receiver device: obtaining a plurality of amounts of key data, wherein, for each amount of key data, said obtaining comprises using one or more corresponding keys to obtain said amount of key data from a secured form of said amount of key data received by said receiver device, and wherein, for each amount of key data, said one or more corresponding keys comprises at least one key shared between the receiver device and a respective security system associated with the content provider system; and obtaining said control word using said plurality of amounts of key data.
  • each security system provides key management, including storage of the respective at least one shared key, independently of the other security systems.
  • said at least one shared key is a key established for, and stored in, the receiver device during manufacture of the receiver device.
  • said secured form of said amount of key data comprises an encrypted form of said amount of key data
  • one or more of said one or more corresponding keys are decryption keys for decrypting said encrypted form of said amount of key data.
  • said secured form of said amount of key data comprises authentication data for performing an authentication operation for said amount of key data, and one or more of said one or more corresponding keys are authentication keys for performing said
  • At least one of the corresponding one or more keys is a session decryption key shared between the receiver device and a secured module interfacing with the receiver device and from which the receiver device is arranged to receive a secured form of an amount of key data. In some embodiments, for one or more of the plurality of amounts of key data, at least one of the corresponding one or more keys is a session decryption key established by the content provider system and provided to the receiver device from the content provider system.
  • the method comprises said receiver device receiving, from the secured module, an encrypted form of said session decryption key and decrypting said encrypted form of said session decryption key using one of said at least one keys shared between the receiver device and a respective security system associated with the content provider system.
  • one of said plurality of amounts of key data comprises said control word
  • obtaining said control word using said plurality of amounts of key data comprises using said plurality of amounts of key data other than said one of said plurality of amounts of key data to obtain said secured form of said one of said plurality of amounts of key data.
  • obtaining said control word using said plurality of amounts of key data comprises combining two or more of said plurality of amounts of key data.
  • obtaining said control word using said plurality of amounts of key data comprises applying a predetermined function to two or more of said plurality of amounts of key data.
  • a first one of said plurality of amounts of key data comprises said secured form of a second one of said plurality of amounts of key data.
  • Said second one of said plurality of amounts of key data may comprise said control word.
  • a first one of said plurality of amounts of key data comprises an encrypted quantity of data and a second one of said plurality of amounts of key data comprises a decryption key for decrypting said encrypted quantity of data
  • said method comprises, having obtained said first one of said plurality of amounts of key data and said second one of said plurality of amounts of key data, using said decryption key to decrypt said encrypted quantity of data and using said decrypted quantity of data to obtain said control word.
  • Said quantity of data may comprise said control word.
  • the method may further comprise: receiving, at a secured module arranged to interface with said receiver device: said quantity of data; an encryption key corresponding to said decryption key; and said secured form of said second one of said plurality of amounts of key data; said secured module encrypting said quantity of data using said encryption key to form said first one of said plurality of amounts of key data; and said secured module providing to the receiver device said secured form of said first one of said plurality of amounts of key data and said secured form of said second one of said plurality of amounts of key data.
  • the method comprises: receiving, at a secured module arranged to interface with said receiver device: said control word; a first one of said plurality of amounts of key data; and said secured form of said first one of said plurality of amounts of key data; said secured module deriving a second one of said plurality of amounts of key data based on said control word and said first one of said plurality of amounts of key data; and said secured module providing to the receiver device said secured form of said first one of said plurality of amounts of key data and said secured form of said second one of said plurality of amounts of key data.
  • the method comprises: receiving, at a secured module arranged to interface with said receiver device: a first one of said plurality of amounts of key data; and said secured form of a second one of said plurality of amounts of key data; and said secured module providing to the receiver device said secured form of said first one of said plurality of amounts of key data and said secured form of said second one of said plurality of amounts of key data.
  • a method for a receiver device to obtain a control word for decrypting encrypted content comprising the receiver device: obtaining a plurality of amounts of key data, wherein, the receiver device obtains each amount of key data using a respective key ladder; and obtaining said control word using said plurality of amounts of key data.
  • a receiver device or a receiver system arranged to carry out one of the above-mentioned methods.
  • a method for providing key data to a receiver device to enable the receiver device to obtain a control word for decrypting encrypted content comprising: receiving, at a secured module arranged to interface with said receiver device: a quantity of data; an encryption key; and a secured form of a second amount of key data, said second amount of key data comprising a decryption key corresponding to said encryption key; said secured module encrypting said quantity of data using said encryption key to form a first amount of key data; and said secured module providing to the receiver device a secured form of said first amount of key data and said secured form of said second amount of key data; wherein said secured form of said second amount of key data is secured using one or more corresponding keys and said secured form of said first amount of key data is secured using one or more corresponding keys; and wherein said receiver device is a receiver device arranged to carry out a method according to the above first aspect of the invention.
  • a method for providing key data to a receiver device to enable the receiver device to obtain a control word for decrypting encrypted content comprising: receiving, at a secured module arranged to interface with said receiver device: said control word; a first amount of key data; and a secured form of said first amount of key data; said secured module deriving a second amount of key data based on said control word and said first amount of key data; and said secured module providing to the receiver device said secured form of said first amount of key data and a secured form of said second amount of key data; wherein said secured form of said second amount of key data is secured using one or more corresponding keys and said secured form of said first amount of key data is secured using one or more corresponding keys; and wherein said receiver device is a receiver device arranged to carry out a method according to the above first aspect of the invention.
  • a method for providing key data to a receiver device to enable the receiver device to obtain a control word for decrypting encrypted content comprising: receiving, at a secured module arranged to interface with said receiver device: a first amount of key data; and a secured form of a second amount of key data; and said secured module providing to the receiver device a secured form of said first amount of key data and said secured form of said second amount of key data; wherein said secured form of said second amount of key data is secured using one or more corresponding keys and said secured form of said first amount of key data is secured using one or more corresponding keys; and wherein said receiver device is a receiver device arranged to carry out a method according to the above first aspect of the invention.
  • a secured module arranged to carry out a method according to any one of the fourth to sixth aspects of the invention.
  • the secured module may be a smart card or an obfuscated software module.
  • a headend system arranged to provide, to a receiver device according to the third aspect of the invention, a control word for decrypting encrypted content, the head-end system comprising a plurality of security systems, wherein each security system stores at least one respective key shared with said receiver device.
  • a computer program which, when executed by a processor, causes the processor to carry out a method according to any one of the above-mentioned methods.
  • the computer program may be stored on a computer readable medium.
  • Figure 1a schematically illustrates a system providing secure content delivery
  • Figure 1b schematically illustrates more details of an example content provider system
  • Figure 2a schematically illustrates the use of a so-called "key ladder" to secure a communication channel of the system of figure 1a;
  • Figure 2b schematically illustrates an example key ladder module
  • FIGS. 3 and 4 schematically illustrate embodiments of the invention that use a plurality of key ladder modules in a serial configuration
  • FIGS. 5, 6 and 7 schematically illustrate embodiments of the invention that use a plurality of key ladder modules in a parallel configuration
  • Figure 8 schematically illustrates an embodiment of the invention that uses a plurality of key ladder modules in a combination of serial and parallel configurations
  • Figure 9 schematically illustrates more detail of a content provider system according to an embodiment of the invention.
  • the receiver device 122 is arranged to actively use a plurality of key ladders in order to obtain a CW.
  • the concept of a key ladder has been described above with reference to figures 2a and 2b.
  • key data should not be taken to mean that the amount of key data D_i is itself necessarily a cryptographic key - it may be any data that the receiver device 122 may use to obtain a CW: an amount of key data D_i may comprise the CW itself, or may comprise information from which another amount of key data D_j may be derived, or may comprise information from which the CW may be derived (potentially by using one or more other amounts of key data D_j).
  • Each amount of key data D_i is obtained by the receiver device 122 using a corresponding key ladder, i.e. the receiver device 122 obtains the amount of key data D_i using one or more corresponding keys (of a corresponding key ladder), where the amount of key data D_i is obtained from a secured form {D_i} of the amount of key data D_i - the secured form {D_i} is the amount of key data D_i secured (e.g. encrypted and/or digitally signed) using one or more keys from its corresponding key ladder.
  • the receiver device 122 may, therefore, implement, comprise or execute a plurality of key ladder modules 200. It will be appreciated that a given key ladder module 200 (or at least its cryptographic functionality, such as carrying out a decryption operation, such as the "D" modules shown in figure 2b) may be used multiple times for different key ladders and different input data to obtain multiple ones of the amounts of key data D_i.
  • the receiver device 122 may implement n separate key ladder modules 200 to obtain the n respective different amounts of key data D_i based on n respective different key ladders
  • fewer than n separate key ladder modules 200 may also be used to obtain the n different amounts of key data D_i, with at least one of the key ladder modules 200 being used multiple times (albeit with different input data and using a different key ladder) to obtain multiple ones of the amounts of key data D_i.
  • whilst embodiments of the invention shall be described below with reference to each key ladder being implemented by a corresponding key ladder module 200 in the receiver device 122, it will be appreciated that the same key ladder module 200 may, in practice, actually carry out some or all of the functionality to implement two or more of the key ladders.
  • a key ladder used by a key ladder module 200 comprises initialization data to uniquely configure that key ladder - this could be, for example, the key CSUK initialized and stored in the corresponding key ladder module 200, and known to an associated CA system or security system of the content provider system 102.
  • each key ladder comprises at least one key shared between the receiver device 122 (or, in particular, the corresponding key ladder module 200 in the receiver device 122) and a respective security system or CA system associated with the content provider system 102 - i.e. the secret key(s) of each key ladder are managed by respective different security systems at the content provider system 102.
  • Figure 9 schematically illustrates more detail of the content provider system 102 according to an embodiment of the invention.
  • Figure 9 is the same as the example illustrated in figure 1b, except that the content provider system 102 of figure 9 comprises a key ladder security system.
  • the key ladder security system comprises its own key ladder database (separate from the key ladder database of the CA system), which comprises one or more keys of one of the key ladders used by the receiver device 122.
  • the receiver device 122 may make use of two key ladders - the first key ladder comprises at least one secret key shared between the receiver device 122 (or a corresponding key ladder module 200 of the receiver device 122) and the CA system of the content provider system 102 (with this shared key being stored in the key ladder database of the CA system and also by the corresponding key ladder module of the receiver device 122); the second key ladder comprises at least one secret key shared between the receiver device 122 (or a corresponding key ladder module 200 of the receiver device 122) and the key ladder security system of the content provider system 102 (with this shared key being stored in the key ladder database of the key ladder security system and also by the corresponding key ladder module of the receiver device 122).
  • the secret keys shared between the CA system and the receiver device 122 for the first key ladder are
  • the CA system and the key ladder security system are independent of each other and do not share their secret keys.
  • the CA system and key ladder security system are, preferably, operated by different entities.
  • the content provider system 102 may make use of the CA system to manage, store and use at least one secret key for one of those key ladders and may make use of (n-1) independent key ladder security systems to manage, store and use at least one secret key for respective ones of the other (n-1) key ladders.
  • the various key ladder security systems may be run by separate respective third parties, distinct from the CA provider operating the CA system of the content provider system 102.
  • the various key ladder security systems generally are not involved in the subscriber management aspects of the content delivery (i.e. they do not have corresponding subscriber databases and are not involved with payments/authorisations/entitlements etc.).
  • the SMS of the content provider system 102 may then receive data from the (n-1) key ladder security systems for use in generating EMMs, as shall be described below in more detail.
  • the key ladder security systems and the CA systems involved in embodiments of the invention may be located together at the content provider system, or they may be at separate locations (to increase security). Moreover, the key ladder security systems and the CA systems involved in embodiments of the invention may be distributed over multiple content provider systems 102, e.g. the CA system may be part of a first content provider system 102 whilst one or more of the key ladder security systems may be part of a second content provider system 102 independent of the first content provider system 102.
  • the CA system and the or each key ladder security system of the content provider system 102 shall be referred to as a "security system" where the distinction between a CA system and a key ladder security system does not matter.
  • Figure 3 schematically illustrates a first embodiment using a plurality of key ladder modules 200.
  • two keys ladders are
  • a first key ladder module 200a performs processing for the first key ladder and a second key ladder module 200b performs processing for the second key ladder.
  • the first key ladder comprises a session key LK and a secret key CSUK-a of the first key ladder module 200a - this secret key CSUK-a may be a secret known to a first security system of the content provider system 102 (i.e. shared between the first key ladder module 200a and the first security system).
  • the content provider system 102 may communicate an EMM to the secured module 130 - this EMM may contain the session key LK and may also contain the session key LK encrypted using the key CSUK-a, i.e.
  • the first security system may generate the session key LK, encrypt the session key using the secret key CSUK-a from its key ladder database, and provide both the session key LK and the encrypted session key {LK}_CSUK-a to the SMS of the content provider system 102 - the SMS may then instruct the EMMG to generate an EMM containing the session key LK and the encrypted session key {LK}_CSUK-a.
  • the secured module 130 upon accessing the EMM, may then (a) obtain the session key LK itself; and (b) provide the encrypted session key {LK}_CSUK-a to the first key ladder module 200a.
  • the first key ladder module 200a may then use the secret key CSUK-a that it stores to decrypt the encrypted session key {LK}_CSUK-a to thereby obtain the session key LK. In this way, both the secured module 130 and the first key ladder module 200a may share a session key LK.
  • the second key ladder comprises a session key SK and a secret key CSUK-b of the second key ladder module 200b - this secret key CSUK-b may be a secret known to a second security system of the content provider system 102 (i.e. shared between the second key ladder module 200b and the second security system).
  • the first security system is different from the second security system.
  • the content provider system 102 may communicate an EMM to the secured module 130 - this EMM may contain the session key SK encrypted using the key CSUK-b, i.e.
  • the second security system may generate the session key SK, encrypt the session key using the secret key CSUK-b from its key ladder database, and provide the encrypted session key {SK}_CSUK-b to the SMS of the content provider system 102 - the SMS may then instruct the EMMG to generate an EMM containing the encrypted session key {SK}_CSUK-b.
  • the secured module 130 upon accessing the EMM, may then provide the encrypted session key {SK}_CSUK-b to the second key ladder module 200b.
  • the second key ladder module 200b may then use the secret key CSUK-b that it stores to decrypt the encrypted session key {SK}_CSUK-b to thereby obtain the session key SK. It will be appreciated that other methods for establishing the session key SK between the secured module 130 and the content provider system 102 may be used.
  • the secured module 130 receives the encrypted control word {{CW}_SK}_PK (e.g. in an ECM) - in particular, the CW has been encrypted by the content provider system 102 (or the second security system of the content provider system 102) using the session key SK to obtain {CW}_SK and this encrypted form of the CW has itself been encrypted by the content provider system 102 using the key PK to obtain {{CW}_SK}_PK. Assuming that the secured module 130 has access to the key PK (e.g.
  • the secured module 130 can decrypt the received {{CW}_SK}_PK to obtain {CW}_SK.
  • the secured module 130 may then use the session key LK to encrypt the obtained {CW}_SK to form {{CW}_SK}_LK.
  • the secured module 130 may then provide the {{CW}_SK}_LK to the receiver device 122 over the interface 140.
  • the first key ladder module 200a knowing the session key LK, can decrypt the received {{CW}_SK}_LK to obtain the {CW}_SK, which the first key ladder module 200a passes to the second key ladder module 200b.
  • the second key ladder module 200b knowing the session key SK, can decrypt the obtained {CW}_SK to obtain the CW.
  • the receiver device 122 obtains, using corresponding keys (from a corresponding key ladder), each amount of key data from a respective secured form of that amount of key data: D_1 is obtained from a secured form of D_1, namely {{CW}_SK}_LK, using a session key LK; D_2 is obtained from a secured form of D_2, namely {CW}_SK, using a session key SK.
  • the receiver device 122 obtains the CW using this plurality of obtained amounts of key data - the first amount of key data D_1 is used to obtain the second amount of key data D_2, and the second amount of key data D_2 comprises and therefore provides the CW.
  • Figure 4 schematically illustrates a second embodiment using a plurality of key ladder modules 200. In particular, in figure 4 two keys ladders are
  • a first key ladder module 200c performs processing for the first key ladder and a second key ladder module 200d performs processing for the second key ladder.
  • the first key ladder comprises a session key LK and a secret key CSUK-c of the first key ladder module 200c - this secret key CSUK-c may be a secret known to a first security system of the content provider system 102 (i.e. shared between the first key ladder module 200c and the first security system).
  • the session key LK may be shared/established between the secured module 130 and the first key ladder module 200c in the same manner as set out above for the session key LK of figure 3.
  • the second key ladder comprises a session key SK and a secret key CSUK-d of the second key ladder module 200d - this secret key CSUK-d may be a secret known to a second security system of the content provider system 102 (i.e. shared between the second key ladder module 200d and the second security system).
  • the first security system is different from the second security system.
  • the session key SK may be shared/established between the secured module 130 and the second key ladder module 200d in the same manner as set out above for the session key LK of figure 3.
  • the secured module 130 is also aware of the session key SK, whereas in the embodiment of figure 3, the secured module 130 need not necessarily be aware of the session key SK.
  • the secured module 130 receives the encrypted control word {CW}_PK (e.g. in an ECM) - in particular, the CW has been encrypted by the content provider system 102 using the key PK to obtain {CW}_PK. Assuming that the secured module 130 has access to the key PK (e.g. if an EMM containing the key PK has been sent to the secured module 130), then the secured module 130 can decrypt the received {CW}_PK to obtain the CW.
  • the secured module 130 may then use the session key SK to encrypt the obtained CW to form {CW}_SK.
  • the secured module 130 may then use the session key LK to encrypt the obtained {CW}_SK to form {{CW}_SK}_LK.
  • the secured module 130 may then provide the {{CW}_SK}_LK to the receiver device 122 over the interface 140.
  • the first key ladder module 200c knowing the session key LK, can decrypt the received {{CW}_SK}_LK to obtain the {CW}_SK, which the first key ladder module 200c passes to the second key ladder module 200d.
  • the second key ladder module 200d knowing the session key SK, can decrypt the obtained {CW}_SK to obtain the CW.
  • the receiver device 122 obtains, using corresponding keys (from a corresponding key ladder), each amount of key data from a respective secured form of that amount of key data: D_1 is obtained from a secured form of D_1, namely {{CW}_SK}_LK, using a session key LK; D_2 is obtained from a secured form of D_2, namely {CW}_SK, using a session key SK.
  • the receiver device 122 obtains the CW using this plurality of obtained amounts of key data - the first amount of key data D_1 is used to obtain the second amount of key data D_2, and the second amount of key data D_2 comprises and therefore provides the CW.
  • This first embodiment is more bandwidth efficient than the second embodiment, as in the first embodiment the content provider system 102 does not need to communicate the session key SK itself (in addition to the encrypted form of the session key SK) in an EMM to the secured module 130 over the network 104. Moreover, an advantage of the first embodiment is that it does not require a modification of the secured module 130 and, additionally, the
  • the session key SK in the second embodiment may be unique to the secured module 130, whereas in the first embodiment the same session key SK is likely to be used across multiple secured modules 130 - hence security may be improved in the second embodiment.
  • the key ladder modules 200 are in series, i.e. the output of one of the key ladder modules 200a, 200c is provided as an input to a subsequent key ladder module 200b, 200d. It will be appreciated that whilst the first and second embodiments are described with respect to two key ladder modules in series, embodiments of the invention may make use of more than two key ladder modules in series.
  • one of the plurality of amounts of key data D_j comprises target data (e.g. the CW) that is to be output from the series arrangement of key ladder modules 200, and the other amounts of key data D_1, ..., D_{j-1}, D_{j+1}, ..., D_n are used to obtain the secured form {D_j} of that key data D_j.
  • each of the amounts of key data D_1, ..., D_{j-1}, D_{j+1}, ..., D_n other than the amount of key data D_j that comprises the target data comprises the secured form of a respective one of the amounts of key data.
  • the amount of key data that comprises the target data e.g.
  • D_{n-1} may be the secured form of D_n, i.e. {D_n}
  • D_{n-2} may be the secured form of D_{n-1}, i.e. {D_{n-1}}, ...
  • D_1 may be the secured form of D_2, i.e.
  • the first amount of key data D_1 is used to obtain the second amount of key data D_2 (in that decrypting the secured form of the first amount of key data {D_1} provides the secured form of the second amount of key data {D_2})
  • the second amount of key data D_2 is used to obtain the third amount of key data D_3 (in that decrypting the secured form of the second amount of key data {D_2} provides the secured form of the third amount of key data {D_3})
  • the (n-1)th amount of key data D_{n-1} is used to obtain the nth amount of key data D_n (in that decrypting the secured form of the (n-1)th amount of key data {D_{n-1}} provides the secured form of the nth amount of key data {D_n}).
  • Figure 5 schematically illustrates a third embodiment using a plurality of key ladder modules 200.
  • two keys ladders are
  • a first key ladder module 200e performs processing for the first key ladder and a second key ladder module 200f performs processing for the second key ladder.
  • the first key ladder comprises a session key LK and a secret key CSUK-e of the first key ladder module 200e - this secret key CSUK-e may be a secret known to a first security system of the content provider system 102 (i.e. shared between the first key ladder module 200e and the first security system).
  • the session key LK may be shared/established between the secured module 130 and the first key ladder module 200e in the same manner as set out above for the session key LK of figure 3.
  • the second key ladder comprises a session key SK and a secret key CSUK-f of the second key ladder module 200f - this secret key CSUK-f may be a secret known to a second security system of the content provider system 102 (i.e. shared between the second key ladder module 200f and the second security system).
  • the first security system is different from the second security system.
  • the session key SK may be provided to the second key ladder module 200f in the same manner as set out above for the session key SK of figure 3.
  • the secured module 130 does not necessarily know the session key SK.
  • the session key SK may be
  • the CW may be formed (or derived or obtained or calculated) as a predetermined function of, or as a combination of, or based upon, two components C_1 and C_2.
  • the CW may be an XOR of C_1 and C_2.
  • the CW may be formed by applying a hash function to a concatenation of C_1 and C_2.
  • the secured module 130 receives two amounts of encrypted data (e.g. via respective ECMs): the first component C_1 encrypted using the key PK to obtain {C_1}_PK, and the second component C_2 encrypted using the session key SK to obtain {C_2}_SK.
  • the component C_2, and its respective encrypted version {C_2}_SK, may be generated and provided by the above second security system (which knows the session key SK).
  • the component C_1, and its respective encrypted version {C_1}_PK, may be generated and provided by the above second security system, the first security system or another security system of the content provider system 102. Assuming that the secured module 130 has access to the key PK (e.g.
  • the secured module 130 can decrypt the received {C_1}_PK to obtain the first component C_1.
  • the secured module 130 may then use the session key LK to encrypt the obtained first component C_1 to form {C_1}_LK.
  • the secured module 130 may then provide {C_1}_LK to the first key ladder module 200e and may provide {C_2}_SK to the second key ladder module 200f.
  • the first key ladder module 200e knowing the session key LK, can decrypt the received {C_1}_LK to obtain the first component C_1.
  • the second key ladder module 200f knowing the session key SK, can decrypt the obtained {C_2}_SK to obtain the second component C_2.
  • the receiver device 122 comprises a generation module 210a which receives, as its inputs, the first component C_1 from the first key ladder module 200e and the second component C_2 from the second key ladder module 200f.
  • the generation module 210a is arranged to generate and output the CW based on the two components C_1 and C_2, using a method as discussed above.
  • the receiver device 122 obtains, using corresponding keys (from a corresponding key ladder), each amount of key data from a respective secured form of that amount of key data: D_1 is obtained from a secured form of D_1, namely {C_1}_LK, using a session key LK; D_2 is obtained from a secured form of D_2, namely {C_2}_SK, using a session key SK.
  • the receiver device 122 obtains the CW using this plurality of obtained amounts of key data - the generation module 210a generates the CW as a predetermined function of, or as a combination of, or based upon, the two components C_1 and C_2.
  • the content delivery system 102 may generate and update the two components C_1 and C_2 according to any suitable update cycle (or rate or frequency or policy), and they may have their own respective update cycles (potentially independent of, and potentially different from, each other). It will be appreciated that the rate at which the CW is updated will depend on the rate at which the components C_1 and C_2 are updated and, in particular, the CW will be updated whenever at least one of the components C_1 and C_2 is updated. Both of the components C_1 and C_2 could be updated relatively frequently (e.g. once every couple of seconds); alternatively, one of the components may be kept relatively static (e.g. only being updated once every couple of hours, days, etc.).
  • the second component C_2 may be kept relatively static with the first component C_1 being updated on a more frequent basis (e.g. once every few seconds) - this means that the secured module 130 can store the {C_2}_SK and that this value does not need to be transmitted from the content provider system 102 to the secured module 130 as part of a normal key update (ECM) but only less frequently (thereby making the communication between the content provider system 102 and the secured module 130 over the network 104 more bandwidth efficient).
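The serial arrangement of figure 3 and the parallel arrangement of figure 5, traced end to end in Python as an added example; this is not code from the patent. The XOR stream cipher stands in for whatever cipher a real key ladder module uses, the truncated SHA-256 in `combine` is this example's choice of hash, and every function and dictionary key name is hypothetical.

```python
import hashlib
import hmac
import os


def enc(key: bytes, data: bytes) -> bytes:
    """{data}_key in the page's notation. Toy XOR stream cipher (HMAC-SHA256
    in counter mode, no nonce): a stand-in for the real ladder cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


dec = enc  # XOR stream cipher: decryption is the same operation


class KeyLadderModule:
    """Key ladder module 200: holds one CSUK shared with one security system."""

    def __init__(self, csuk: bytes):
        self._csuk = csuk
        self._session_key = None

    def load_session_key(self, wrapped: bytes) -> None:
        self._session_key = dec(self._csuk, wrapped)  # e.g. {LK}_CSUK-a -> LK

    def unwrap(self, secured: bytes) -> bytes:
        if self._session_key is None:
            raise RuntimeError("session key not loaded")
        return dec(self._session_key, secured)


def session_emms(csuk_first: bytes, csuk_second: bytes):
    """EMM payloads: each security system wraps its own session key under its
    own CSUK. LK also travels in clear to the secured module; SK does not."""
    lk, sk = os.urandom(16), os.urandom(16)
    msgs = {"lk": lk, "lk_wrapped": enc(csuk_first, lk),
            "sk_wrapped": enc(csuk_second, sk)}
    return msgs, sk


def load_ladders(msgs, csuk_first: bytes, csuk_second: bytes):
    first, second = KeyLadderModule(csuk_first), KeyLadderModule(csuk_second)
    first.load_session_key(msgs["lk_wrapped"])
    second.load_session_key(msgs["sk_wrapped"])
    return first, second


# --- Serial configuration (figure 3) ---------------------------------------
def headend_serial(cw, pk, csuk_a, csuk_b):
    msgs, sk = session_emms(csuk_a, csuk_b)
    msgs["ecm"] = enc(pk, enc(sk, cw))           # {{CW}_SK}_PK
    return msgs


def secured_module_serial(msgs, pk):
    cw_sk = dec(pk, msgs["ecm"])                 # {CW}_SK; SK is not needed here
    return enc(msgs["lk"], cw_sk)                # {{CW}_SK}_LK


def receiver_serial(msgs, from_module, csuk_a, csuk_b):
    ladder_a, ladder_b = load_ladders(msgs, csuk_a, csuk_b)
    d1 = ladder_a.unwrap(from_module)            # D_1 = {CW}_SK
    return ladder_b.unwrap(d1)                   # D_2 = CW


# --- Parallel configuration (figure 5) -------------------------------------
def combine(c1: bytes, c2: bytes, use_hash: bool = False) -> bytes:
    """Generation module 210a: XOR, or a hash of the concatenation."""
    if use_hash:
        return hashlib.sha256(c1 + c2).digest()[: len(c1)]
    return bytes(a ^ b for a, b in zip(c1, c2))


def headend_parallel(c1, c2, pk, csuk_e, csuk_f):
    msgs, sk = session_emms(csuk_e, csuk_f)
    msgs["ecm_c1"] = enc(pk, c1)                 # {C_1}_PK
    msgs["ecm_c2"] = enc(sk, c2)                 # {C_2}_SK
    return msgs


def secured_module_parallel(msgs, pk):
    c1 = dec(pk, msgs["ecm_c1"])
    return enc(msgs["lk"], c1), msgs["ecm_c2"]   # {C_1}_LK, {C_2}_SK passed through


def receiver_parallel(msgs, from_module, csuk_e, csuk_f, use_hash=False):
    ladder_e, ladder_f = load_ladders(msgs, csuk_e, csuk_f)
    c1 = ladder_e.unwrap(from_module[0])         # D_1 = C_1
    c2 = ladder_f.unwrap(from_module[1])         # D_2 = C_2
    return combine(c1, c2, use_hash)


if __name__ == "__main__":
    # Constructed sample keys and control word, for illustration only.
    cw, pk, ka, kb = bytes(range(16)), b"P" * 16, b"A" * 16, b"B" * 16
    m = headend_serial(cw, pk, ka, kb)
    out = receiver_serial(m, secured_module_serial(m, pk), ka, kb)
    print("serial ladder recovers CW:", out == cw)
    bad = receiver_serial(m, secured_module_serial(m, pk), ka, b"X" * 16)
    print("one wrong CSUK still recovers CW:", bad == cw)
```

A receiver holding only one of the two CSUKs fails in both configurations, which is the property the independent security systems are meant to provide.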
  • Figure 6 schematically illustrates a fourth embodiment using a plurality of key ladder modules 200.
  • two keys ladders are
  • a first key ladder module 200g performs processing for the first key ladder and a second key ladder module 200h performs processing for the second key ladder.
  • the first key ladder comprises a session key LK and a secret key CSUK-g of the first key ladder module 200g - this secret key CSUK-g may be a secret known to a first security system of the content provider system 102 (i.e. shared between the first key ladder module 200g and the first security system).
  • the session key LK may be shared/established between the secured module 130 and the first key ladder module 200g in the same manner as set out above for the session key LK of figure 3.
  • the second key ladder comprises a session key SK and a secret key CSUK-h of the second key ladder module 200h - this secret key CSUK-h may be a secret known to a second security system of the content provider system 102 (i.e. shared between the second key ladder module 200h and the second security system).
  • the first security system is different from the second security system.
  • the session key SK may be provided to the second key ladder module 200h in the same manner as set out above for the session key SK of figure 3.
  • the secured module 130 does not necessarily know the session key SK.
  • the session key SK may be
  • the CW may be formed (or derived or obtained or calculated) as a predetermined function of, or as a combination of, or based upon, two components C1 and C2.
  • the CW may be an XOR of C1 and C2.
  • the CW may be formed by applying a hash function to a concatenation of C1 and C2.
  • the secured module 130 receives two amounts of encrypted data: the CW encrypted using the key PK to obtain {CW}PK, and the pair made up of the second component C2 and the second component C2 encrypted using the session key SK to obtain {C2}SK, with this pair being encrypted using a key UK that is specific to, or unique to, the secured module 130 (or to a group of secured modules 130), i.e. {C2, {C2}SK}UK.
  • the component C2, and its respective encrypted version {C2}SK, may be generated and provided by the above second security system (which knows the session key SK).
  • the component C1, and its respective encrypted version {C1}PK, may be generated and provided by the above second security system, the first security system or another security system of the content provider system 102.
  • the {CW}PK may be received at the secured module 130 within an ECM; the pair C2, {C2}SK may be received at the secured module 130 within an EMM for the secured module 130 (and therefore secured using a unique key UK for the secured module 130).
  • assuming that the secured module 130 has access to the key PK (e.g. if an EMM containing the key PK has been sent to the secured module 130), then the secured module 130 can decrypt the received {CW}PK to obtain the CW.
  • the secured module 130 can decrypt the received {C2, {C2}SK}UK using the unique key UK to obtain both the second component C2 and the encrypted form of the second component {C2}SK.
  • the secured module 130 may then use the CW and the second component C2 to generate the first component C1 - this is performed in a manner such that the CW may be re-generated from the first component C1 and the second component C2. For example, if the CW is to be generated from the components C1 and C2 by XORing these two components C1 and C2 together, then the first component C1 may be generated by XORing the CW and the second component C2.
  • the secured module 130 may then use the session key LK to encrypt the obtained first component C1 to form {C1}LK.
  • the secured module 130 may then provide {C1}LK to the first key ladder module 200g and may provide {C2}SK to the second key ladder module 200h.
  • the first key ladder module 200g, knowing the session key LK, can decrypt the received {C1}LK to obtain the first component C1.
  • the second key ladder module 200h, knowing the session key SK, can decrypt the obtained {C2}SK to obtain the second component C2.
  • the receiver device 122 comprises a generation module 210b which receives, as its inputs, the first component C1 from the first key ladder module 200g and the second component C2 from the second key ladder module 200h.
  • the generation module 210b is arranged to generate and output the CW based on the two components C1 and C2, using a method as discussed above.
  • the receiver device 122 obtains, using corresponding keys (from a corresponding key ladder), each amount of key data from a respective secured form of that amount of key data: D1 is obtained from a secured form of D1, namely {C1}LK, using a session key LK; D2 is obtained from a secured form of D2, namely {C2}SK, using a session key SK.
  • the receiver device 122 obtains the CW using this plurality of obtained amounts of key data - the generation module 210b generates the CW as a predetermined function of, or as a combination of, or based upon, the two components C1 and C2.
  • the second component C2 may have been communicated in its secured form {C2}SK to a plurality of receivers 106.
  • the above fourth embodiment makes it easier to make the second component C2 unique or individual to specific receivers 106, as the second component C2 and its secured form {C2}SK are provided in a communication (e.g. an EMM) that is specific to the secured module 130 and, therefore, the second component C2 can more readily be individualized for individual secured modules 130. This helps improve the overall security.
  • Figure 7 schematically illustrates a fifth embodiment using a plurality of key ladder modules 200.
  • two keys ladders are
  • a first key ladder module 200i performs processing for the first key ladder and a second key ladder module 200j performs processing for the second key ladder.
  • the first key ladder comprises a session key LK and a secret key CSUK-i of the first key ladder module 200i - this secret key CSUK-i may be a secret known to a first security system of the content provider system 102 (i.e. shared between the first key ladder module 200i and the first security system).
  • the session key LK may be shared/established between the secured module 130 and the first key ladder module 200i in the same manner as set out above for the session key LK of figure 3.
  • the second key ladder comprises a session key SK and a secret key CSUK-j of the second key ladder module 200j - this secret key CSUK-j may be a secret known to a second security system of the content provider system 102 (i.e. shared between the second key ladder module 200j and the second security system).
  • the first security system is different from the second security system.
  • the session key SK may be provided to the second key ladder module 200j in the same manner as set out above for the session key SK of figure 3.
  • the secured module 130 does not necessarily know the session key SK.
  • the session key SK may be shared/established between the secured module 130 and the second key ladder module 200j in the same manner as set out above for the session key LK of figure 3.
  • the secured module 130 receives two amounts of encrypted data: the CW encrypted using the key PK to obtain {CW}PK, and the pair made up of a data value C2 and the data value C2 encrypted using the session key SK to obtain {C2}SK, with this pair being encrypted using a key UK that is specific to, or unique to, the secured module 130 (or to a group of secured modules 130), i.e.
  • the component C2, and its respective encrypted version {C2}SK, may be generated and provided by the above second security system (which knows the session key SK).
  • the component C1, and its respective encrypted version {C1}PK, may be generated and provided by the above second security system, the first security system or another security system of the content provider system 102.
  • the {CW}PK may be received at the secured module 130 within an ECM; the pair C2, {C2}SK may be received at the secured module 130 within an EMM for the secured module 130 (and therefore secured using a unique key UK for the secured module 130). Assuming that the secured module 130 has access to the key PK (e.g.
  • the secured module 130 can decrypt the received {CW}PK to obtain the CW.
  • the secured module 130 can decrypt the received {C2, {C2}SK}UK using the unique key UK to obtain both the data value C2 and the encrypted form of the data value {C2}SK.
  • the secured module 130 may then use the data value C2 to encrypt the CW, to obtain a secured version of CW, namely {CW}C2.
  • the secured module 130 may then use the session key LK to encrypt the {CW}C2 to form {{CW}C2}LK.
  • the secured module 130 may then provide {{CW}C2}LK to the first key ladder module 200i and may provide {C2}SK to the second key ladder module 200j.
  • the first key ladder module 200i, knowing the session key LK, can decrypt the received {{CW}C2}LK to obtain the value {CW}C2.
  • the second key ladder module 200j, knowing the session key SK, can decrypt the obtained {C2}SK to obtain the data value C2.
  • the receiver device 122 comprises a generation module 210c which receives, as its inputs, the value {CW}C2 from the first key ladder module 200i and the data value C2 from the second key ladder module 200j.
  • the generation module 210c is arranged to generate and output the CW by decrypting the {CW}C2 using the data value C2 as a decryption key.
  • the receiver device 122 obtains, using corresponding keys (from a corresponding key ladder), each amount of key data from a respective secured form of that amount of key data: D1 is obtained from a secured form of D1, namely {{CW}C2}LK, using a session key
  • D2 is obtained from a secured form of D2, namely {C2}SK, using a session key SK.
  • the receiver device 122 obtains the CW using this plurality of obtained amounts of key data - the generation module 210c generates the CW by decrypting the first amount of key data D1 using the second amount of key data D2 as a decryption key.
  • the key ladder modules 200 are in parallel (in contrast to the series arrangements of the first and second embodiments). It will be appreciated that whilst the third, fourth and fifth embodiments are described with respect to two key ladder modules in parallel, embodiments of the invention may make use of more than two key ladder modules in parallel. Similarly, whilst the third, fourth and fifth embodiments are described with the secured module 130 receiving two amounts of data as its input, it will be appreciated that the secured module 130 may receive different amounts of data as its input - for example, the third embodiment could be modified so that the secured module 130 receives m components C1,...,Cm and that these components are handled by respective key ladder modules 200 in an analogous manner to those shown in figure 5. It will be appreciated that embodiments of the invention may implement a combination of series and parallel configurations of key ladder modules 200. An example of this is schematically illustrated in figure 8, although it will be
  • a first key ladder module 200x performs processing for the first key ladder
  • a second key ladder module 200y performs processing for the second key ladder
  • a third key ladder module 200z performs processing for the third key ladder.
  • the first key ladder comprises a session key LK and a secret key CSUK-x of the first key ladder module 200x - this secret key CSUK-x may be a secret known to a first security system of the content provider system 102 (i.e. shared between the first key ladder module 200x and the first security system).
  • the session key LK may be shared/established between the secured module 130 and the first key ladder module 200x in the same manner as set out above for the session key LK of figure 3.
  • the second key ladder comprises a session key TK and a secret key CSUK-y of the first key ladder module 200y - this secret key CSUK-y may be a secret known to a second security system of the content provider system 102 (i.e. shared between the second key ladder module 200y and the second security system).
  • the first security system is different from the second security system.
  • the session key TK may be shared/established between the secured module 130 and the second key ladder module 200y in the same manner as set out above for the session key LK of figure 3.
  • the third key ladder comprises a session key SK and a secret key CSUK-z of the third key ladder module 200z - this secret key CSUK-z may be a secret known to a third security system of the content provider system 102 (i.e. shared between the third key ladder module 200z and the third security system).
  • the third security system is different from both the first and the second security systems.
  • the session key SK may be provided to the third key ladder module 200z in the same manner as set out above for the session key SK of figure 3.
  • the secured module 130 does not necessarily know the session key SK.
  • the session key SK may be shared/established between the secured module 130 and the third key ladder module 200z in the same manner as set out above for the session key LK of figure 3.
  • the secured module 130 receives two amounts of encrypted data: the CW encrypted using the key PK to obtain {CW}PK, and the pair made up of a data value C2 and the data value C2 encrypted using the session key SK to obtain {C2}SK, with this pair being encrypted using a key UK that is specific to, or unique to, the secured module 130 (or to a group of secured modules 130), i.e.
  • the component C2, and its respective encrypted version {C2}SK, may be generated and provided by the above third security system (which knows the session key SK).
  • the component C1, and its respective encrypted version {C1}PK, may be generated and provided by the above third security system, the second security system, the first security system or another security system of the content provider system 102.
  • the {CW}PK may be received at the secured module 130 within an ECM; the pair C2, {C2}SK may be received at the secured module 130 within an EMM for the secured module 130 (and therefore secured using a unique key UK for the secured module 130). Assuming that the secured module 130 has access to the key PK (e.g.
  • the secured module 130 can decrypt the received {CW}PK to obtain the CW.
  • the secured module 130 can decrypt the received {C2, {C2}SK}UK using the unique key UK to obtain both the data value C2 and the encrypted form of the data value {C2}SK.
  • the secured module 130 may then use the data value C2 to encrypt the CW, to obtain a secured version of CW, namely {CW}C2.
  • the secured module 130 may then use the session key TK to encrypt the {CW}C2 to form {{CW}C2}TK.
  • the secured module 130 may then use the session key LK to encrypt the {{CW}C2}TK to form
  • the secured module 130 may then provide {{{CW}C2}TK}LK to the first key ladder module 200x and may provide {C2}SK to the third key ladder module 200z.
  • the first key ladder module 200x, knowing the session key LK, can decrypt the received {{{CW}C2}TK}LK to obtain the value {{CW}C2}TK.
  • the first key ladder module 200x may output the value {{CW}C2}TK to the second key ladder module 200y.
  • the second key ladder module 200y, knowing the session key TK, can decrypt the received {{CW}C2}TK to obtain the value {CW}C2.
  • the third key ladder module 200z, knowing the session key SK, can decrypt the obtained {C2}SK to obtain the data value C2.
  • the receiver device 122 comprises a generation module 210d which receives, as its inputs, the value {CW}C2 from the second key ladder module 200y and the data value C2 from the third key ladder module 200z.
  • the generation module 210d is arranged to generate and output the CW by decrypting the {CW}C2 using the data value C2 as a decryption key.
  • the receiver device 122 obtains, using corresponding keys (from a corresponding key ladder), each amount of key data from a respective secured form of that amount of key data: D1 is obtained from a secured form of D1, namely {{CW}C2}TK, using a session key TK; D2 is obtained from a secured form of D2, namely
  • D3 is obtained from a secured form of D3, namely {C2}SK, using a session key SK.
  • the receiver device 122 obtains the CW using this plurality of obtained amounts of key data - the generation module 210d generates the CW by decrypting the first amount of key data D1 using the third amount of key data D3 as a decryption key, the first amount of key data D1 having been generated or obtained from the second amount of key data D2.
  • this embodiment makes use of two key ladder modules 200x and 200y in a series configuration, where this series configuration is in parallel with a third key ladder module 200z.
  • the receiver device 122 may control the flow of data between the different key ladder modules 200 to generate and produce the CW
  • these are merely illustrative to show the operation of multiple key ladders and multiple key ladder modules 200.
  • other configurations of key ladder modules 200, and other types and amounts of key data Dj protected via respective key ladders may be used instead in different embodiments of the invention.
  • the key ladder modules 200 may make use of any suitable cryptographic algorithms, mechanisms and protocols.
  • any encryption/decryption algorithm could be used - these may include symmetric encryption/decryption algorithms (such as AES, DES, etc.); these may include asymmetric encryption algorithms (such as RSA, elliptic curve cryptography, etc.).
  • the key ladder implemented by the key ladder module 200a has been described above as comprising the secret key CSUK-a and the session key LK
  • the key ladder may comprise further keys by which.
  • the key ladder implemented by the key ladder module 200b has been described above as comprising the secret key CSUK-b and the session key SK
  • the key ladder may comprise further. It will be appreciated that the same applies analogously to the other key ladders and key ladder modules 200 of the other embodiments described above. It will also be appreciated that embodiments of the invention may make use of key ladders and key ladder modules that operate differently from the session key SK/LK versions discussed above.
  • modules may be implemented as hardware and/or software.
  • the above-mentioned modules may be implemented as one or more software components for execution by a processor of the system, for example as obfuscated software or firmware, potentially for execution in a secure processing environment.
  • the above-mentioned modules may be implemented as hardware, such as on one or more field-programmable-gate-arrays (FPGAs), and/or one or more application-specific-integrated-circuits (ASICs), and/or one or more digital-signal-processors (DSPs), and/or other hardware arrangements.
  • the computer program may have one or more program instructions, or program code, which, when executed by a computer carries out an embodiment of the invention.
  • program may be a sequence of instructions designed for execution on a computer system, and may include a subroutine, a function, a procedure, an object method, an object implementation, an executable
  • the storage medium may be a magnetic disc (such as a hard drive or a floppy disc), an optical disc (such as a CD-ROM, a DVD-ROM or a BluRay disc), or a memory (such as a ROM, a RAM, EEPROM, EPROM, Flash memory or a portable/removable memory device), etc.
  • the transmission medium may be a communications signal, a data broadcast, a communications link between two or more computers, etc.
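
An added sketch (not code from the patent or from Irdeto) that traces the data flow of the fourth embodiment (Figure 6, CW = C1 XOR C2) and of the series-plus-parallel arrangement of Figure 8 described above, including what happens when one ladder holds the wrong session key. The SHA-256 keystream cipher standing in for AES/DES, the `KeyLadderModule` class, the delivery of session keys encrypted under CSUK, and all key values are assumptions constructed for illustration.

```python
import hashlib
import secrets

N = 16  # byte length of the CW and of the component values (constructed choice)

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES/DES (assumption): XOR with a SHA-256 counter keystream.
    No nonce and no integrity protection; for tracing the data flow only."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in range(blocks))
    return bytes(d ^ s for d, s in zip(data, stream))

toy_decrypt = toy_encrypt  # an XOR keystream is its own inverse

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class KeyLadderModule:
    """Hypothetical model of a key ladder module 200: CSUK -> session key -> key data."""
    def __init__(self, csuk: bytes):
        self._csuk = csuk
        self._session = b""

    def load_session_key(self, wrapped: bytes) -> None:
        # Assumption: the session key arrives encrypted under the module's CSUK.
        self._session = toy_decrypt(self._csuk, wrapped)

    def unwrap(self, secured: bytes) -> bytes:
        return toy_decrypt(self._session, secured)

def make_ladder(session_key: bytes) -> KeyLadderModule:
    csuk = secrets.token_bytes(N)
    ladder = KeyLadderModule(csuk)
    ladder.load_session_key(toy_encrypt(csuk, session_key))
    return ladder

def headend(cw, c2, pk, sk, uk):
    """Content provider side: the ECM carries {CW}PK, the EMM carries {C2, {C2}SK}UK."""
    return toy_encrypt(pk, cw), toy_encrypt(uk, c2 + toy_encrypt(sk, c2))

def secured_module_open(ecm, emm, pk, uk):
    pair = toy_decrypt(uk, emm)
    return toy_decrypt(pk, ecm), pair[:N], pair[N:]  # CW, C2, {C2}SK

def fourth_embodiment(ecm, emm, pk, uk, lk, ladder_g, ladder_h):
    """Figure 6: two parallel ladders, CW = C1 XOR C2."""
    cw, c2, c2_sk = secured_module_open(ecm, emm, pk, uk)
    c1_lk = toy_encrypt(lk, xor(cw, c2))   # C1 = CW XOR C2, handed over as {C1}LK
    c1 = ladder_g.unwrap(c1_lk)            # first ladder, session key LK
    c2_out = ladder_h.unwrap(c2_sk)        # second ladder, session key SK
    return xor(c1, c2_out)                 # generation module 210b

def figure8_embodiment(ecm, emm, pk, uk, lk, tk, ladder_x, ladder_y, ladder_z):
    """Figure 8: ladders x and y in series, in parallel with ladder z."""
    cw, c2, c2_sk = secured_module_open(ecm, emm, pk, uk)
    blob = toy_encrypt(lk, toy_encrypt(tk, toy_encrypt(c2, cw)))  # {{{CW}C2}TK}LK
    cw_c2 = ladder_y.unwrap(ladder_x.unwrap(blob))                # strip LK, then TK
    return toy_decrypt(ladder_z.unwrap(c2_sk), cw_c2)             # generation module 210d

def demo():
    cw = secrets.token_bytes(N)
    pk, sk, lk, tk = (secrets.token_bytes(N) for _ in range(4))
    results = {}
    # Fourth embodiment: two receivers, each with its own UK and individualized C2.
    for name in ("receiver_a", "receiver_b"):
        uk, c2 = secrets.token_bytes(N), secrets.token_bytes(N)
        ecm, emm = headend(cw, c2, pk, sk, uk)
        out = fourth_embodiment(ecm, emm, pk, uk, lk, make_ladder(lk), make_ladder(sk))
        results[name] = out == cw
    # Figure 8, then the same messages with ladder z holding the wrong session key.
    uk, c2 = secrets.token_bytes(N), secrets.token_bytes(N)
    ecm, emm = headend(cw, c2, pk, sk, uk)
    good = (make_ladder(lk), make_ladder(tk), make_ladder(sk))
    bad = (make_ladder(lk), make_ladder(tk), make_ladder(secrets.token_bytes(N)))
    results["figure8"] = figure8_embodiment(ecm, emm, pk, uk, lk, tk, *good) == cw
    results["figure8_wrong_sk"] = figure8_embodiment(ecm, emm, pk, uk, lk, tk, *bad) == cw
    return results

if __name__ == "__main__":
    print(demo())
```

Because the stand-in cipher is an XOR keystream, its layers commute; a block cipher such as AES would additionally enforce the LK-then-TK unwrapping order of the series ladders.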

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Storage Device Security (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention relates to a method for a receiver device to obtain a control word, the control word being for decrypting encrypted content received from a content provider system. According to the method, the receiver device: obtains a plurality of amounts of key data, said obtaining comprising, for each amount of key data, using one or more corresponding keys to obtain said amount of key data from a secured form of said amount of key data received by said receiver device, said one or more corresponding keys comprising, for each amount of key data, at least one key shared by the receiver device and a respective security system associated with the content provider system; and obtains said control word using said plurality of amounts of key data.
PCT/EP2013/062176 2012-06-13 2013-06-12 Obtaining control words using multiple key ladders WO2013186274A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB201210472A GB201210472D0 (en) 2012-06-13 2012-06-13 Obtaining control words
GB1210472.5 2012-06-13

Publications (1)

Publication Number Publication Date
WO2013186274A1 true WO2013186274A1 (fr) 2013-12-19

Family

ID=46605886

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2013/062176 WO2013186274A1 (fr) 2012-06-13 2013-06-12 Obtaining control words using multiple key ladders

Country Status (2)

Country Link
GB (1) GB201210472D0 (fr)
WO (1) WO2013186274A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008083363A1 (fr) * 2006-12-28 2008-07-10 Intel Corporation Protecting independent vendor encryption keys with a common primary encryption key
EP2129116A1 (fr) * 2008-05-29 2009-12-02 Nagravision S.A. Unit and method for secure processing of access-controlled audio/video data
EP2227015A2 (fr) * 2009-03-02 2010-09-08 Irdeto Access B.V. Conditional entitlement processing for obtaining a control word
EP2461564A1 (fr) * 2010-12-01 2012-06-06 Irdeto B.V. Key transport protocol

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10303857B2 (en) 2014-10-22 2019-05-28 Irdeto B.V. Providing access to content
EP3236632A1 (fr) * 2016-04-20 2017-10-25 EVIO POLSKA sp. z o. o. Method and device allowing an access control system to be applied to the protection of streamed video
FR3050599A1 (fr) * 2016-04-20 2017-10-27 Evio Polska Sp Z O O Method and device allowing an access control system to be applied to the protection of streamed video.
US10440409B2 (en) 2016-04-20 2019-10-08 4T S.A. Method and device allowing an access control system to be applied to the protection of streamed video

Also Published As

Publication number Publication date
GB201210472D0 (en) 2012-07-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13727951

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13727951

Country of ref document: EP

Kind code of ref document: A1